Privacy and security news, 2/28/2021

Security

Solarwinds continues to make news: The SolarWinds Body Count Now Includes NASA and the FAA They’re also identifying scapegoats SolarWinds Officials Throw Intern Under the Bus for ‘solarwinds123’ Password Fail with Microsoft: We've open-sourced this tool we used to hunt for code by SolarWinds hackers so we’ll even find more victims!

As is to be expected when growth is more important than security Clubhouse’s security and privacy lag behind its explosive growth and as also expected Clubhouse vows to fix its platform after tool enabled audio chat leaks In an interesting discussion Clubhouse illuminates the stark cultural divide between journalists and tech people

And here’s another expected event: Twitter’s new hacking label has already been hacked

Not content to just use their skills themselves, Cybercrime groups are selling their hacking skills. Some countries are buying

And here’s what we get when attack is more important than defense: Chinese Hackers Reportedly Wielded a Stolen NSA Cyber Weapon for Years

The never-ending news about attack method advances

• FireEye links 0-day attacks on FTA servers & extortion campaign to FIN11 group

• Go malware is now common, having been adopted by both APTs and e-crime groups

• Phishing: Cyber criminals are using macros to access your systems

• More than 6,700 VMware servers exposed online and vulnerable to major new bug

It’s good to hear that Apple Takes Action Against Silver Sparrow Malware Discovered on 30K Infected Macs but isn’t it a bit late?

Surveillance

In this space too, privacy invading technology appears to advance faster than privacy preserving technology. The latter is just not as profitable!

• Why would you ever trust Amazon's Alexa after this?

• Facebook's Making a Good Case Why You Should Never Wear Its Smart Glasses

• Chinese cyberspies targeted Tibetans with a malicious Firefox add-on

• ZTE shows off an under-display facial recognition system

• Ring’s Video Doorbell Pro 2 has built-in radar

In good news, Mozilla beefs up anti-cross-site tracking in Firefox, as Chrome still lags on privacy

It appears that security and privacy don’t always go together: Security researcher recommends against LastPass after detailing 7 trackers

As privacy violations become more apparent, their penalties are going up! TikTok will pay $92 million to settle class-action data harvesting lawsuit and Judge approves $650 million Facebook privacy settlement over facial recognition feature and that applies just to users in Illinois!

Regulation

As we’ve seen above The Best Law You’ve Never Heard Of is starting to have effect! It’s not all or nothing as One State Managed to Actually Write Rules on Facial Recognition

In major steps, Federal judge rules that California can enforce its net neutrality law as

The House’s has three big ideas to take on tech power